Authentication & Identity Assurance

Identity Assurance

What is Identity Assurance?
- Identity Assurance is a measure of the confidence that the entity at the other end of an authentication event is who they are claiming to be
- Identity Assurance (IA) is a foundational element for effective security
- IA is a prerequisite for effective identity management, and identity management a prerequisite for robust security

Authentication
- Authentication is the reliable identification of an entity based upon the presentation of a previously assigned token
- E.g. an account is created for Student X in the campus directory; the first time the student logs into the directory, they are asked to create a new password, and this password becomes their authentication token
- Subsequently, when a student wants to access services on campus, a given service will ask which account (e.g. the username for Student X) the student wants to access, then verifies who the requestor is by asking for their authentication token (in this case the password)
- If the requestor provides the correct password for the account, then the service assumes that the requestor is in fact the owner of the account (i.e. Student X) and can then make further authorization decisions upon that basis, i.e. Student X is authenticated

Authentication Strength
- Security is like a chain: it is only as strong as its weakest link
- The strength of an authentication event determines what trust or assurance can be placed in the assumption that you are in fact dealing with the claimed identity
- The strength of any authentication event is dependent on the following:
  - The original process to bind the identity to the authentication token
  - The life-cycle management and protection of the authentication token by the identity
  - The infrastructure and protocols used by a service to validate an authentication token
  - The use of multiple authentication factors to verify identity

Authentication Factors
- Three factors of authentication:
  - Something you know, e.g. password, secret, URI, graphic
  - Something you have, e.g. key, token, smartcard, badge
  - Something you are, e.g. fingerprint, iris scan, face scan, signature

Authentication Factors
- Single-factor authentication is most common
- Passwords (something you know) are the most common single factor
- At least two-factor authentication is recommended for securing important assets, e.g. ATM card + PIN (have + know)
- 2 x single-factor authentication is not two-factor authentication: e.g. Password + Graphic is NOT equivalent to Smartcard + PIN (although it may be better than a single instance of one-factor authentication)
- Without two-factor authentication, some secure communications may be vulnerable to disclosure, especially in wireless networks

Authentication Infrastructure
- There are essentially 2 main factors that impact the assurance of an authentication event due to infrastructure:
  - Is there a secure path between claimant and service for transmitting identity credentials? E.g. TLS for open network traversal, or a dedicated line owned by the service provider
  - Integrity of the operating environments at either end of the communications pipe
  - Availability of trusted and up-to-date validity status of the presented credentials. E.g. access to an authoritative directory for verification of a password; CRLs or OCSP for PKI credentials

Authentication Token Life-cycle
- Another important consideration for the assurance in an authentication event is the management of the authentication token by the holder AFTER it was issued
- E.g. for a username/password system:
  - Was an Acceptable Use Policy agreed to by the user and, if so, is it being followed?
  - Has the user shared their password?
  - Are they changing it at the required intervals?
  - Are they using strong password characteristics?
  - Did they write it down or leave it unprotected?
  - Do they avoid shoulder surfers?
  - Did they change their password after they discovered it was compromised?
- E.g. for PKI:
  - Was a Subscriber Agreement agreed to by the user and, if so, is it being followed?
  - Is the user keeping their key password protected?
  - Did they move their key to a public location?
  - Are they using the credential for an unsanctioned purpose?
  - Did they share their key with another user?
  - Did they revoke their certificate after they discovered it was compromised?

Identity Binding
- The strength of an authentication event is directly dependent on the original identity binding process utilized when the authentication or identity token was issued
- How was the original identity verified?
  - What processes were used to ensure the subscriber/user is the rightful owner of their claimed identity?
  - Was trusted biometric verification used, e.g. photo ID or fingerprint from a trusted authority?
  - How reliable are the sources of identity information?
  - Is there a valid reason for the entity to obtain the credential?
- What type of credential was issued?
  - Is it resistant to tampering, counterfeit, or exploitation?
  - Does it have on-going validity assertion capability?

Authentication Strength Comparison
- The following set of slides is a comparison of some common authentication tokens and their mechanisms as used on the Dartmouth campus
- They are presented in order of strength, from Dartmouth's perspective, along the Identity Assurance continuum
- A brief discussion for each authentication token/mechanism details how it has the capability to affect the assurance of transactions based upon them

Password Authentication

Plain Password Authentication
1. User types address into browser
2. Browser directs to any server responding to that URL
3. Server presents login page
4. User enters credentials into browser and submits
5. Browser sends credentials to server
Result: user is logged in, or denied, based on match

Plain Password Authentication
- By using an http URL, the user has no guarantee that they are talking to the correct server
- There are no transport protections, so username and password can be intercepted and stolen in transit (wired or wireless)
- A MITM attacker simply pretends to be the server (local DNS poisoning), asks the user for their credentials and replays the answers to the real server in real time to gain access; the user is oblivious to this attack
- If the password is saved in the browser, it can be stolen by malware or a malicious user
- A user can be socially engineered to reveal username/password to an attacker
- Passwords only provide a single authentication factor
- Passwords generally represent a poor binding between identity and credential
- The server knows everyone's password; it is a single point of failure for ALL credentials if it is compromised
- A malicious server can masquerade as any user to any other service that accepts the same username/password (MITM)
- The server has very minimal assurance that it is talking to the original user; the password could have been shared, stolen or guessed

Server-side PKI Authentication

Adding Server-side PKI to Password Authentication
- Server-side PKI can strengthen password authentication by adding an SSL/TLS certificate to the web server and requiring users to connect over HTTPS
- If the server certificate is issued by a Root CA that is trusted by the browser, the user is connected to the web site securely and all subsequent traffic between the server and the browser is encrypted

Adding Server-side PKI to Password Authentication
- The name of the web server certificate matches what the user typed into the browser
- The lock indicates a secure connection between browser and server
- Details about the web server certificate can be viewed by clicking on the lock in the browser status bar
- The Root CA that issued the web server certificate is trusted by both the server and the browser

Adding Server-side PKI to Password Authentication
- If another server tries to impersonate the real server, the browser warns the user about the potential deception
- If the Root CA is NOT trusted by the browser, a similar warning is provided
- Even if the user ignores these warnings and continues to the web site, the browser address bar displays a red background and a broken lock to indicate the untrusted nature of the connection

Adding Server-side PKI to Password Authentication (risk comparison; the slide marks each of the password risks below as either "Risk eliminated" or "Risk reduced")
- By using an http URL, the user has no guarantee that they are talking to the correct server
- There are no transport protections, so username and password can be intercepted and stolen in transit (wired or wireless)
- A MITM attacker simply pretends to be the server (local DNS poisoning), asks the user for their credentials and replays the answers to the real server in real time to gain access; the user is oblivious to this attack
- If the password is saved in the browser, it can be stolen by malware or a malicious user
- A user can be socially engineered to reveal username/password to an attacker
- Passwords only provide a single authentication factor
- Passwords generally represent a poor binding between identity and credential
- The server knows everyone's password; it is a single point of failure for ALL credentials if it is compromised
- A malicious server can masquerade as any user to any other service that accepts the same username/password (MITM)
- The server has very minimal assurance that it is talking to the original user; the password could have been shared, stolen or guessed
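The checks a browser performs before it shows the lock, as described on the server-side PKI slides above (the name the user typed must match the certificate, the chain must end in a Root CA the browser trusts, an impostor or an untrusted Root CA produces a warning) together with the "up-to-date validity status" point from the infrastructure slide (a CRL signed by the issuer), as an added Go example. This is not code from the slides or from Dartmouth. It constructs a throw-away campus PKI with Go's standard crypto/x509 package: the root CA name, the host names login.example.edu and bank.example.edu, and the serial numbers are all made up for the demonstration, and the CRL handling assumes Go 1.21 or later (x509.RevocationListEntry).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DemoPKI is a constructed campus PKI: a root CA, the genuine login server's certificate,
// an impostor's self-signed certificate for the same host name, and a CRL signed by the root.
type DemoPKI struct {
	Root, Server, Impostor *x509.Certificate
	CRL                    *x509.RevocationList
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// mustCert signs tmpl with signer (self-signed when parent == tmpl) and parses the result.
func mustCert(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// BuildDemoPKI issues the certificates above; with revokeServer set, the CRL lists the server cert.
func BuildDemoPKI(revokeServer bool) DemoPKI {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	badKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Campus Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	root := mustCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	leaf := func(serial int64, name string) *x509.Certificate { // server certificate template for one host name
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
			DNSNames: []string{name}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	}
	server := mustCert(leaf(2, "login.example.edu"), root, &srvKey.PublicKey, caKey)
	badTmpl := leaf(3, "login.example.edu") // the impostor copies the name but cannot obtain the root's signature
	impostor := mustCert(badTmpl, badTmpl, &badKey.PublicKey, badKey)
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour)}
	if revokeServer {
		crlTmpl.RevokedCertificateEntries = []x509.RevocationListEntry{{SerialNumber: server.SerialNumber, RevocationTime: now}}
	}
	crlDER, err := x509.CreateRevocationList(rand.Reader, crlTmpl, root, caKey)
	check(err)
	crl, err := x509.ParseRevocationList(crlDER)
	check(err)
	return DemoPKI{Root: root, Server: server, Impostor: impostor, CRL: crl}
}

// CheckServerCert does the browser's part when the server presents its login page: the typed name must be
// in the certificate, the chain must end in a trusted Root CA, and the certificate must not be on a current
// CRL signed by its issuer. Any returned error is what the browser turns into a warning.
func CheckServerCert(cert *x509.Certificate, typedHost string, roots []*x509.Certificate, crl *x509.RevocationList) error {
	pool := x509.NewCertPool() // always explicit: a nil Roots pool would silently fall back to the system store
	for _, r := range roots {
		pool.AddCert(r)
	}
	chains, err := cert.Verify(x509.VerifyOptions{DNSName: typedHost, Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	if err != nil {
		return err // x509.HostnameError (wrong name) or x509.UnknownAuthorityError (impostor / untrusted root)
	}
	if err := crl.CheckSignatureFrom(chains[0][1]); err != nil { // chains[0][1] is the verified issuer of the leaf
		return err
	}
	if time.Now().After(crl.NextUpdate) {
		return errors.New("CRL is stale: validity status is not up to date")
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return errors.New("certificate has been revoked by its issuer")
		}
	}
	return nil
}

func main() {
	pki := BuildDemoPKI(false)
	trusted := []*x509.Certificate{pki.Root}
	fmt.Println("genuine server, trusted root:", CheckServerCert(pki.Server, "login.example.edu", trusted, pki.CRL))
	fmt.Println("typed name not in certificate:", CheckServerCert(pki.Server, "bank.example.edu", trusted, pki.CRL))
	fmt.Println("impostor with the same name:", CheckServerCert(pki.Impostor, "login.example.edu", trusted, pki.CRL))
	rev := BuildDemoPKI(true)
	fmt.Println("certificate listed on CRL:", CheckServerCert(rev.Server, "login.example.edu", []*x509.Certificate{rev.Root}, rev.CRL))
}
```

Only the first call returns nil. A name mismatch fails with x509.HostnameError, the self-signed impostor and an empty trust store both fail with x509.UnknownAuthorityError (the same "untrusted Root CA" warning the slide describes), and the revoked certificate fails only because the CRL was fetched and checked; a verifier that skips the CRL step would accept it, which is the "validity status" gap the infrastructure slide warns about.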

Adding Server-side PKI to Password Authentication
- Server-side PKI can strengthen password authentication by adding an SSL/TLS certificate to the web server and requiring users to connect over HTTPS
- Server-side certificates with TLS provide a guarantee to users that they are talking to an authentic web service, providing they trust the Root CA that issued the server certificate
- Server-side certificates with TLS provide secure communications between the browser and the server once the encrypted session has been established
- A man-in-the-middle (MITM) attack is still feasible, but requires a far more complex set-up to get the user to ignore the browser warnings about untrusted certificates
- The only server that can act maliciously is the original hosted service, because it legitimately knows all the users' credentials
- Server-side PKI only provides strong authentication of server to browser; the reverse-direction authentication is still reliant on the authentication protocol being used (in this case passwords, which are quite weak), which can lower the assurance of any transaction performed using this process

Software Certificate Authentication

Using Software Certificates with Client-side PKI
- Client-side PKI can replace password authentication when users have a digital certificate signed by a trusted Root CA and a corresponding key
- Software certificates stored in browsers are the simplest implementation of client-side PKI
- Client-side PKI operates in conjunction with server-side PKI to provide a mutually, strongly authenticated session
- Instead of providing a username/password pair, the user is asked to select a software certificate registered with the browser as their means of authenticating

Using Software Certificates with Client-side PKI
- Which client certificates are acceptable is controlled on the server
- The server provides the browser with a list of all the Root CAs that it trusts to issue client certificates, and that it will in return accept for authentication purposes
- The browser then prompts the user with a list of only those client certificates that they have (known to the browser) that the server will accept (based on the commonly trusted Root CAs between browser and server)
- Once the user chooses a certificate, the browser asks permission to use the key associated with that certificate to encrypt a nonce provided by the server
- The encrypted nonce, along with the user's certificate, is returned to the server
- If the user does not have any acceptable client certificates, they are unable to establish a secure connection
- The server uses the certificate to decrypt the nonce and verify that the user controls the key
- Since the certificate contains only public information, and the nonce is one-time-use only, the user is able to authenticate without revealing their authentication token (the key) while still providing proof of its possession
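The nonce exchange just described (server issues a one-time nonce, the browser answers with the user's key, the server checks the answer against the public key in the certificate and learns that the key was used without ever seeing it) as an added Go example, not code from the slides or from Dartmouth. Two things are assumptions of this example rather than statements on the slides: the proof is implemented as a digital signature over the nonce, which is how TLS client authentication actually proves possession (the slide phrases it as encrypting the nonce), and the user's public key is taken as already registered from the certificate, so the server's Root CA check on the certificate chain is left out. The user name studentx and the keys are constructed. The scenario also shows why the nonce must be single-use: a captured answer replayed against the same server is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// AuthServer holds what the service needs for client-side PKI logins: the public key taken from
// each user's registered client certificate, and the nonces issued but not yet answered.
type AuthServer struct {
	registered map[string]*ecdsa.PublicKey
	pending    map[string]bool
}

func NewAuthServer() *AuthServer {
	return &AuthServer{registered: map[string]*ecdsa.PublicKey{}, pending: map[string]bool{}}
}

// Register records the public key from a user's certificate (chain validation assumed done).
func (s *AuthServer) Register(user string, pub *ecdsa.PublicKey) { s.registered[user] = pub }

// Challenge issues a fresh 256-bit random nonce that may be answered exactly once.
func (s *AuthServer) Challenge() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	n := hex.EncodeToString(b)
	s.pending[n] = true
	return n
}

// Authenticate accepts the login only if proof shows possession of the key registered for user.
// The nonce is consumed whether or not the proof verifies, so a captured answer cannot be replayed.
func (s *AuthServer) Authenticate(user, nonce string, proof []byte) error {
	if !s.pending[nonce] {
		return errors.New("nonce unknown or already used: possible replay")
	}
	delete(s.pending, nonce)
	pub, ok := s.registered[user]
	if !ok {
		return errors.New("no client certificate registered for " + user)
	}
	digest := sha256.Sum256([]byte(nonce))
	if !ecdsa.VerifyASN1(pub, digest[:], proof) {
		return errors.New("proof does not verify: responder does not hold the registered key")
	}
	return nil
}

// AnswerChallenge is the browser's side: after the user grants permission, the key signs the
// nonce. Only the signature is sent back; the key itself never leaves the client.
func AnswerChallenge(priv *ecdsa.PrivateKey, nonce string) []byte {
	digest := sha256.Sum256([]byte(nonce))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// RunScenario plays three attempts against one server: the legitimate user, an eavesdropper
// replaying the captured answer, and an impostor who has a certificate but not the user's key.
func RunScenario() (legit, replay, impostor error) {
	srv := NewAuthServer()
	userKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // studentx's key (constructed)
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // someone else's key
	srv.Register("studentx", &userKey.PublicKey)

	n1 := srv.Challenge()
	proof := AnswerChallenge(userKey, n1)
	legit = srv.Authenticate("studentx", n1, proof)
	replay = srv.Authenticate("studentx", n1, proof) // same nonce and answer, captured in transit

	n2 := srv.Challenge()
	impostor = srv.Authenticate("studentx", n2, AnswerChallenge(otherKey, n2))
	return legit, replay, impostor
}

func main() {
	legit, replay, impostor := RunScenario()
	fmt.Println("legitimate user:", legit)
	fmt.Println("replayed answer:", replay)
	fmt.Println("impostor's key: ", impostor)
}
```

The first attempt returns nil and the other two return errors. Note what the server stores: public keys and short-lived nonces, never a secret shared with the user, which is the property the password slides lack (the server "knows everyone's password"); compromising this server's table yields nothing that lets an attacker impersonate a user elsewhere.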

Using Software Certificates with Client-side PKI
- Permission to use the key associated with a certificate should be enabled by a password or PIN, but this is not required, and can only be enforced via policy and not technologically with current modern browsers
- If a key stored in the browser is protected by a password, then this technically provides two factors of authentication: something the user has (a key) and something the user knows (a password)
- Some browsers allow back-up and export of keys, meaning there could be many locations where a given key exists. There is no way to know what protections are being used for keys stored in this way. This situation can potentially lead to a lowering of the assurance in these credentials
- Restrictions on backup and storage can be controlled via policy, but do not negate malicious users
- Users who are unable to provide assurances regarding ALL copies of their key effectively reduce the authentication strength of this method to something closer to a single factor of authentication, since they can no longer guarantee that the key is something ONLY they have

Using Software Certificates with Client-side PKI
- Client certificates that do not have their corresponding keys protected by passwords (or whose passwords are remembered in the browser) may be compromised by malware, used maliciously on the client's browser, or copied to another location
- Issuance of client certificates is governed by policies created to ensure a strong binding between the authentication token (the key) and the identity of its owner; these policies also govern how a user should protect their key through its life-cycle. These controls are typically much stronger than those for passwords
- Client certificates stored in software are not as portable as passwords, but provide much stronger authentication; they are typically stronger than an equivalent 128-character password

Using Software Certificates with Client-side PKI (risk comparison; the slide marks each of the password risks below as "Risk eliminated", "Very Low Risk" or "Risk reduced")
- By using an http URL, the user has no guarantee that they are talking to the correct server
- There are no transport protections, so username and password can be intercepted and stolen in transit (wired or wireless)
- A MITM attacker simply pretends to be the server (local DNS poisoning), asks the user for their credentials and replays the answers to the real server in real time to gain access; the user is oblivious to this attack
- If the password is saved in the browser, the key may be stolen by malware or a malicious user
- A user can be socially engineered to reveal username/password to an attacker
- Passwords only provide a single authentication factor
- Passwords generally represent a poor binding between identity and credential
- The server knows everyone's password; it is a single point of failure for ALL credentials if it is compromised
- A malicious server can masquerade as any user to any other service that accepts the same username/password (MITM)
- The server has very minimal assurance that it is talking to the original user; the password could have been shared, stolen or guessed

Using Software Certificates with Client-side PKI
- Software certificates replacing passwords as the means of client authentication, when combined with server-side PKI, can eliminate almost all the risks inherent in password-based protocols
- The potential for poor protection of keys through inappropriate (or no) passwords can reduce the effective level of assurance of this type of authentication, such that it cannot be considered true two-factor authentication
- Social engineering attacks must be much more complex to steal the user's password and then subsequently gain access to the user's key
- A server has a reasonable assurance that it is communicating with the original authenticated user
- MITM attacks, while still possible, are highly unlikely due to the additional factors that must be catered for
- Software certificates as a means of authentication are far superior to plain passwords in every aspect; however, there is one deficiency that they introduce: they are not very portable between multiple legitimate systems
- At Dartmouth we mitigate this issue by making it easy to get additional certificates on subsequent or additional legitimate systems

Virtual Tokens Authentication

Using PKI Virtual Tokens with Client-side PKI
- PKI Virtual Tokens work exactly the same as software certificates from a functionality perspective. The user interactions are exactly the same, except that when the browser asks permission to use the key associated with that certificate, the user MUST provide the password to the Virtual Token
- The advantage of keys stored in Virtual Tokens and registered with the browser is that strong local password protection of keys can be enforced
- A Virtual Token is really nothing more than a secure software container for the key, used instead of the browser's key store
- Virtual Tokens also remedy the portability deficiencies introduced by software certificates
- Virtual Tokens still suffer from the issue of being able to duplicate multiple instances of the key, such that the assurance factors of this method are reduced

Using PKI Virtual Tokens with Client-side PKI (risk comparison; the slide marks each of the password risks below as "Risk eliminated", "Very Low Risk" or "Risk reduced")
- By using an http URL, the user has no guarantee that they are talking to the correct server
- There are no transport protections, so username and password can be intercepted and stolen in transit (wired or wireless)
- A MITM attacker simply pretends to be the server (local DNS poisoning), asks the user for their credentials and replays the answers to the real server in real time to gain access; the user is oblivious to this attack
- If the password is saved in the browser, the key may be stolen by malware or a malicious user
- A user can be socially engineered to reveal username/password to an attacker
- Passwords only provide a single authentication factor
- Passwords generally represent a poor binding between identity and credential
- The server knows everyone's password; it is a single point of failure for ALL credentials if it is compromised
- A malicious server can masquerade as any user to any other service that accepts the same username/password (MITM)
- The server has very minimal assurance that it is talking to the original user; the password could have been shared, stolen or guessed

Using PKI Virtual Tokens with Client-side PKI
- PKI Virtual Tokens are a relatively new product offering from most organizations; there are still teething issues being experienced by vendors deploying this technology
- Virtual Tokens provide a lower cost of implementation than the next step up in authentication assurance level, which is hardware tokens
- Virtual Tokens mitigate most (but not all) of the remaining risks that software certificates did not address, and facilitate portability of credentials, which was a deficiency that reliance on software certificates introduced
- Virtual Tokens cannot, however, provide true two-factor authentication, because they can be duplicated an infinite number of times and thus are vulnerable to offline brute-force or password-guessing attacks
- NOTE: Virtual Tokens may also come in a one-time-pad (OTP) format. These types of tokens are more susceptible to MITM than PKI-based tokens. In the continuum of authentication assurance, OTP tokens fall close to (but below) software certificates due to their password-related deficiencies

Hardware Tokens Authentication

Using PKI Hardware Tokens with Client-side PKI
- PKI Hardware Tokens work exactly the same as software certificates or Virtual Tokens from a functionality perspective. The user interactions are exactly the same, except that when the browser asks permission to use the key associated with that certificate, the user MUST provide the password to the Hardware Token after having connected the device
- The advantage of keys stored in Hardware Tokens and registered with the browser is the enforcement of strong local password protection
- A Hardware Token is a secure container for the key, used instead of the browser's key store
- Hardware Tokens also remedy the portability deficiencies introduced by software certificates
- Hardware Tokens restrict the export of keys such that two-factor authentication can be achieved

Using PKI Hardware Tokens with Client-side PKI (risk comparison; the slide marks each of the password risks below as "Risk eliminated", "Very Low Risk" or "Risk reduced")
- By using an http URL, the user has no guarantee that they are talking to the correct server
- There are no transport protections, so username and password can be intercepted and stolen in transit (wired or wireless)
- A MITM attacker simply pretends to be the server (local DNS poisoning), asks the user for their credentials and replays the answers to the real server in real time to gain access; the user is oblivious to this attack
- If the password is saved in the browser, the key may be stolen by malware or a malicious user
- A user can be socially engineered to reveal the key password to an attacker
- Passwords only provide a single authentication factor
- Passwords generally represent a poor binding between identity and credential
- The server knows everyone's password; it is a single point of failure for ALL credentials if it is compromised
- A malicious server can masquerade as any user to any other service that accepts the same username/password (MITM)
- The server has very minimal assurance that it is talking to the original user; the password could have been shared, stolen or guessed

Using PKI Hardware Tokens with Client-side PKI
- PKI Hardware Tokens are a mature technology that is well regulated; the FIPS 140 standard (about to release version 3) provides ratings for cryptographic devices, of which Hardware Tokens are a subset
- Hardware Tokens require a higher initial cost of implementation than the other options discussed here, but this may be offset by the cost of higher helpdesk support for the other options, e.g. password resets, revocation of certificates due to lost files or compromised passwords
- Hardware Tokens mitigate or solve all risks that software certificates did not address, and yet facilitate portability of credentials, which was a deficiency that reliance on software certificates introduced
- Hardware Tokens provide true two-factor authentication, for the highest level of assurance in authentication of any method discussed
- NOTE: PCI and HIPAA both require two-factor authentication under certain circumstances. Hardware Tokens are the only authentication technology currently in operation at Dartmouth that can provide this

Hardware Tokens provide Portability for PKI Private Keys
- Hardware-based key stores provide cross-browser and cross-platform interoperability
- PCMCIA, Smartcard or USB form factors are available
- USB was Dartmouth's choice because it is relatively ubiquitous and does NOT require the installation of additional hardware, i.e. card readers
- Aladdin eTokens were chosen because they best supported the range of platforms Dartmouth wished to support (i.e. Windows, Mac, Linux)

eTokens provide the Strongest Protection of PKI Private Keys
- Hardware key stores provide enforcement of key security
- Hardware devices can ensure that only one copy of the key exists: it is generated in hardware and cannot be exported (never leaves the token)
- Hardware devices can ensure that applications do not have direct access to keys
- Hardware devices can ensure that passwords are set to protect keys, and can limit attempts to guess them
- Because of the portability functionality of hardware devices (detailed previously), there is no need for users to manage import and export between locations
- Aladdin eTokens were chosen because they are FIPS 140 level 3 certified hardware devices

Summary
- Identity Assurance is a measure of the confidence that the entity at the other end of an authentication event is who they are claiming to be
- Identity Assurance is a prerequisite for effective identity management, and identity management a prerequisite for robust security
- The strength of any authentication event is dependent on the following:
  - The original process to bind the identity to the authentication token
  - The life-cycle management and protection of the authentication token by the identity
  - The infrastructure and protocols used by a service to validate an authentication token
  - The use of multiple authentication factors to verify identity

Summary
- A flexible identity management infrastructure should support different levels of authentication, including:
  - High assurance: credentials on hardware tokens
  - Medium assurance: credentials on virtual tokens
  - Low assurance: credentials with PKI software certificates
  - Rudimentary assurance: password-based credentials
- It is recommended that institutions of higher education move away from password-based authentication as soon as possible (where practical) for any type of sensitive data access
- "While debate continues on what type of technology is best suited to prevent identity theft, many experts believe that a combination of PKI infrastructure and two-factor authentication offers the greatest promise of protection." Source: Financial Services Technology, Preventing Identity Theft
